[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

David Noveck <davenoveck@gmail.com> Wed, 24 July 2024 19:27 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 328DBC14F6E1 for <nfsv4@ietfa.amsl.com>; Wed, 24 Jul 2024 12:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b-3PoLaP9xIS for <nfsv4@ietfa.amsl.com>; Wed, 24 Jul 2024 12:27:20 -0700 (PDT)
Received: from mail-yw1-x1136.google.com (mail-yw1-x1136.google.com [IPv6:2607:f8b0:4864:20::1136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B62D3C14F5EE for <nfsv4@ietf.org>; Wed, 24 Jul 2024 12:27:20 -0700 (PDT)
Received: by mail-yw1-x1136.google.com with SMTP id 00721157ae682-654cf0a069eso1390837b3.1 for <nfsv4@ietf.org>; Wed, 24 Jul 2024 12:27:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721849240; x=1722454040; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XMw3d8AfrWYLk92Ue2wFcRDuGYeh2Vml15qMJPsSaLA=; b=De2y+SirquJ52A6h3ui1Q5o/2DwqRiluHtdbjFge5hfeuyXpjE+XSCooGK6lndJTux a+khvXXj2Bz12LT1cUkHm8OQJ9LtlQvfbz7qGpNMRiE07lNWtzEQd2k1q6d4JRBRLfJ7 8JW/ddInnreUY6tto1EhY+FcFcW2Iihs6jFRNE0LK2XMstvsQ5w1708lO+NahFWW5ST3 FC3dUs7Tq218X71f3tuz/tYXyLr9beGIZluaqIsD7fTTl0m5MErfd7kiR9rGKadRbdp0 h8ozsF2fkjocYsGt481DT8+pEQTvftRDNEZf6d+9vmLPjZ0KTxiwg46r6VVf4jpk6UHQ fy3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721849240; x=1722454040; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XMw3d8AfrWYLk92Ue2wFcRDuGYeh2Vml15qMJPsSaLA=; b=NGI7irlSi5MP+rrTJbpsT3eKlJC5GthQrUpEhX+IA9P8kRg7X04SJ/T9HCxdWiRYfm wq6YlB3PNj3zZqdOFNZ/T/bONu2piUW6qlqrYJrlcshL8hHw7Pa7UInLLMjO2qTdqnjj Y+gLYaZ3X6sVP8vmVJqY2FTBJ3oOsbJNKR4IopNOpKJVlJrB4SAMUDLxXY6R3f/4cmKR zX+qxs67J6dd3YmQWXS05dqEuP7URDk5TqDESscxubtcLSJFZBdl6NAxrP9YIohxkmH6 N2ppKBFsiqD82gZMI4B0CQNCCN6BI5ux0IxSbzA63jp5gBtTuFf2yeAEvy00DSdQMdc+ P3pA==
X-Forwarded-Encrypted: i=1; AJvYcCWHCOKVkd9PYnzEn6YaUtpKVuHkmbyR/EV7riJP24txQ0M9YMCnHRybBvjqZ8dGn/FR+7+SSHS+VD1wiDvUGQ==
X-Gm-Message-State: AOJu0YwfoVw8ZgeoOtsMJ3X+TDLwM2e4tWly+sZgeAPR+bFxPKL5ID+Y nXcWs1xCKY58+cJ8YBDgCGi1BHS+Y33AAuDqYFdGe3F8PqerdTMU3wr9M5eXJ659hehJQ4GtbLv TsinX3K5ka3p5vksVHKmIaSF9Uv4=
X-Google-Smtp-Source: AGHT+IEQnJDMGWSAxfDI62zcLMccif+YdTSNbWsUSCNZ7kWSNbb4gvM22hbFSmSvVQfrEmXgMgFo3HnFOjdB+UHfWNc=
X-Received: by 2002:a81:ab53:0:b0:61a:e4ef:51d with SMTP id 00721157ae682-6751082c4efmr5655937b3.9.1721849239854; Wed, 24 Jul 2024 12:27:19 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com> <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com> <53DAEF45-2A4D-4066-97C2-7B09018DE99B@oracle.com> <CAM5tNy6a4ZG90i2ugXzuPqQ1zrsK9m8jLRKmv9VpnFG6m_Pqew@mail.gmail.com> <DD250FBD-A434-4294-818A-5728757CE032@oracle.com> <d1c538065728c17df66a6f9e79e55d90849fc866.camel@gmail.com> <D352FEB9-A487-4B3E-9BC8-DB2C1896F941@oracle.com> <8efc39289ecef97624622cfc431f890736b579a0.camel@hammerspace.com> <33FA1D6E-73B3-43A1-B65C-D806156E39A5@oracle.com> <cf8a48e517210512755455dd78352ae5b64f7949.camel@hammerspace.com> <449AF448-1471-47CD-B5C5-3A3A5FB9FB12@oracle.com> <2e32694382df3e70a93edcf40434a41729031e55.camel@hammerspace.com> <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com> <CADaq8jfw1FVH3dxOEJAZLrw_S5y2F6eaGkcfpha4X8BBNWgRSQ@mail.gmail.com> <6903782a95875541489844e33541114f0bf01acb.camel@hammerspace.com> <CADaq8jdFYo_DtRxS3h17dyQSFqXeoR60OjsjMM=o35HDg8ZnNg@mail.gmail.com> <111D8D84-CFA9-4823-A5FD-A7B58045356C@oracle.com>
In-Reply-To: <111D8D84-CFA9-4823-A5FD-A7B58045356C@oracle.com>
From: David Noveck <davenoveck@gmail.com>
Date: Wed, 24 Jul 2024 15:27:08 -0400
Message-ID: <CADaq8jdTe14+CRUuAmrn3MKq_ezxBS4GUAMNn5G9oe8J9q35Ug@mail.gmail.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Content-Type: multipart/alternative; boundary="0000000000004c6bc5061e0344a2"
Message-ID-Hash: EPYURGVX2WLOC55AL5KBHLZV7OISRPGD
X-Message-ID-Hash: EPYURGVX2WLOC55AL5KBHLZV7OISRPGD
X-MailFrom: davenoveck@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Trond Myklebust <trondmy@hammerspace.com>, Bruce Fields <bfields@fieldses.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/kiFsezQSxrFWdH0Z31EoiSmEG2M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

On Wed, Jul 24, 2024 at 10:59 AM Chuck Lever III <chuck.lever@oracle.com>
wrote:

> Hi -
>
> > On Jul 24, 2024, at 8:43 AM, David Noveck <davenoveck@gmail.com> wrote:
> >
> > Rick has discussed the possibility of a v4.2 extension but using new
> attributes has not committed to writing it up.   I'm worried that he might
> lose interest given the possibility of IP horrors, but I really don't know.
> From my point of view, the weakness in Rick's approach is that it does not
> address migration and coexistence issues.  I think that is essential given
> the history here but many files with ACLs exist on file systems and I think
> it's important to address the issues of how the existing model and a new
> one will interact.
>
> Hence my concern about how POSIX ACLs might appear to clients
> that access them via NFSv3's NFSACL versus how they might
> appear to clients that access them via a putative NFSv4 POSIX
> ACL facility. NFSv3 remains a widely-deployed protocol and I
> believe users would be surprised if there were compatibility
> issues.
>

I think they would be upset, with good reason.

>
> If there are no issues here, great! If there are, IMO new
> documents should help implementers and users understand and
> cope with any differences.
>
> Given that you believe "it's important to address the issues
> of how the existing model and the new one interact"


I assume that, by the "existing model" you mean use of draft POSIX ACLs
established either using the NFSACL sideband protocol to local APIs
designed to set and interrogate that sort of ACLs.

I am also interested in the case in which the "existing model" is the use
of NFsv4 ACLs which might or might not be fit with the draft POSIX ACL
model.

Nevertheless, both are important and I intend to address both.

I hope
> you will provide some guidance in this area in acls-0?


I intend to that in an expanded Appendix C  in acls-05.  I hope to have
this out in early August.

or
> follow-on documents. :-)
>

It is not clear yet who will write those  documents.  Whenever work on that
starts, the material in the expanded Appendix will be available as a base,
and I expect to be available to help.


>
> --
> Chuck Lever
>
>
>